  1. #1
    Regular Coder
    Join Date
    Apr 2004
    Posts
    684
    Thanks
    24
    Thanked 1 Time in 1 Post

    Good article on SQL injection attacks?

    Anyone know of one? I can't seem to find any good ones for PHP.

    Thanks!

  • #2
    WA
    Administrator
    Join Date
    Mar 2002
    Posts
    2,596
    Thanks
    2
    Thanked 19 Times in 18 Posts
    The following article from SitePoint is a good start: http://www.sitepoint.com/article/sql...n-attacks-safe
    - George
    - JavaScript Kit- JavaScript tutorials and 400+ scripts!
    - JavaScript Reference- JavaScript reference you can relate to.

  • #3
    Regular Coder
    Join Date
    Apr 2004
    Posts
    684
    Thanks
    24
    Thanked 1 Time in 1 Post
    Thanks WA, but that's only for .ASP/.NET.

    Basically all I need to know is what I need to do to protect against SQL injection attacks in PHP?

    Do I have to do anything if magic_quotes_gpc is on?

    Thanks!

  • #4
    WA
    Administrator
    Join Date
    Mar 2002
    Posts
    2,596
    Thanks
    2
    Thanked 19 Times in 18 Posts
    I'm definitely not an expert in this area, just to get that out of the way. However, that article should help, since SQL injection is similar whether we're talking about MySQL or MSSQL. But for additional info, here's another article that uses PHP and MySQL to illustrate SQL injections: http://www.oxyscripts.com/manuals/ph...injection.html

    magic_quotes_gpc takes care of a lot of the potential problems, though you'll also want to make sure that all incoming data is "clean" and of the type you expect before allowing the script to proceed. For example, if your script expects a number for a parameter, screen that parameter first to ensure that's the case etc.
    - George
    - JavaScript Kit- JavaScript tutorials and 400+ scripts!
    - JavaScript Reference- JavaScript reference you can relate to.
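
The screening described in post #4, as an added example that is not part of the original thread: a parameter that must be a number is checked before the script proceeds. It goes beyond the post by also binding the value through a prepared statement, and it does not depend on magic_quotes_gpc, which was removed in PHP 5.4. The `articles` table, the function names `screen_id` and `find_title`, the sample inputs, and the in-memory SQLite database (used so the script runs offline) are assumptions made for illustration.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (id, title) VALUES (1, 'First post'), (2, 'Second post')");

/**
 * Screen a request parameter that must be a positive integer.
 * Returns the integer, or null if the value is anything else.
 */
function screen_id($raw): ?int
{
    if (!is_string($raw)) {   // arrays (?id[]=1) and missing values are rejected
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up a title; the id is bound as a parameter, never concatenated into the SQL. */
function find_title(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// Constructed inputs standing in for $_GET['id'].
$samples = ['2', '0', '-1', '2abc', '1 OR 1=1', '', ['1'], null];
foreach ($samples as $raw) {
    $id = screen_id($raw);
    if ($id === null) {
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    echo 'id ', $id, ' -> ', json_encode(find_title($pdo, $id)), PHP_EOL;
}
```

Only the first sample passes screening and reaches the query; every other value is rejected before any SQL is executed.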

  • #5
    Regular Coder
    Join Date
    Apr 2004
    Posts
    684
    Thanks
    24
    Thanked 1 Time in 1 Post
    Ok, thanks WA!

    For example, if your script expects a number for a parameter, screen that parameter first to ensure that's the case etc.
    Good point!

